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DETAILED ACTION 

A. Summary of Prosection: 

Request for Continued Examination 

1 . A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 
CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for 
continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1 . 1 7(e) has been 
timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 
1.114. Applicant's submission filed on 1 1/13/01 has been entered. 

2. RCE has been filed to continue the prosecution. 

3. Applicant has provided no amendments to claims 1, 7, and 9-19. 

4. Claim 8 has been canceled. New claims are presented as claims 20 and 21. 

5. Applicant has amended the figures and specification to coincide with the claims. 

6. Claims 1-7, 9-21 have been examined and rejected. 

B. Objections to the Specification and Claims: 

Specification 

7. The title of the invention is not descriptive. A new title is required that is clearly indicative 
of the invention to which the claims are directed. Specifically, the title is currently directed to a 
family of devices. Examiner does not agree and will change the title if there comes a time for 
allowance of the instant invention. 
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8. Applicant has overcome the new matter objection. Examiner has removed the new matter 
objection. This has been based on Applicant's response and request for reconsideration after final, 
paper #16. However, this amendment provides no more enablement to the specification than that 
which was ordinally taught within the original specification since this was drawn from the claim 
language as ordinally filed. 

Drawings 

9. Applicant has overcome the objection to the drawings, see paper #16. The proposed 
drawing correction and/or the proposed substitute sheets of drawings, filed on February 27, 2001 
have been approved. However, they present only that which was disclosed within the claims as 
ordinally filed and provide no more enablement or teaching than the claims as filed with the 
original specification as filed. 

C. Claim Interpretation and Definitions 

Preamble of the Claims 

10. The preamble of the claims presented for examination have not been given patentable 
weight. Appropriate weight is given to limitations recited in the body of the claim that are needed 
for the purpose of antecedence. "A mere statement of purpose or intended use in the preamble of 
a claim need not be considered in finding anticipation; however, it must be considered if the 
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language of a preamble is necessary to give meaning to the claim" Diver sitech Corp. v. Century 
Steps, Inc., 7 USPQ2dl315 (Fed. Cir. 1988); In re Stencel, 4 USPQ2d 1071 (Fed. Cir. 1987) 

Claim Interpretation 

1 1. Examiner has given the broadest reasonable interpretation to the Applicant's claim 
language. As such, Examiner is providing a number of terms as defined in the art and used to 
interpret Applicant's claim language. Examiner is interpreting the following terms in light of the 
Applicant's specification and the well known definitions of the prior art teachings. An Applicant 
can be her own lexicographer. While applicant may be his or her own lexicographer, a term in a 
claim may not be given a meaning repugnant to the usual meaning of that term, In re Hill, 161 
F.2d 367, 73 USPQ 482 (CCPA 1947). Examiner has used Applicant's definitions and those 
which are well know and accepted meanings in the art to provide a basis for the relevance of 
specific rejected limitations in view of prior art know made of record. Limitations from the 
specification are not read into the claims. In re Van Guens, 988 F.2d 1 181, 26 USPQ2d 1057 
(Fed. Cir. 1993). 

Definitions 

Community: May be business, organization, association or any other type of grouping having a 
plurality of members. Applicant's specification. 
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Member: Members may be persons, animals, objects or any other type of item of a community. 
Applicant 's specification. 

Relationship: The state of being related or interrelated. The relation connecting or binding 
participants in a relationship. A state of affairs existing between those having relations or dealings. 
An association of information and/or data. Webster 's Collegiate Dictionary, J 0th ed. 

Assignment: The act of being assigned. A position, post , or office to which one is assigned. A 
special task or amount of work assigned or undertaken as if assigned by authority. Transfer of 
property. Webster 's Collegiate Dictionary, 10th ed. 

Access Privileges: Access privileges may be automatically granted base on the relationship when 
a relationship table is interrogated by an application that may activate an assignment. The 
assignment is approved then activated. The relationship and assignment provide the basis for the 
access level or privilege level. Limited access privileges may be a subset of access privileges of the 
administrative manager. Privileges may be varied for administrative and/or work assignment 
managers. Privileges, relationships and assignments are stored. Applicant's specification 

Manager: A person responsible for the actions of a member within a group. Mangers may have 
disparate access privileges based on their position to access member information. Managers can 
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change their position in the organization(s). Access privileges can also change. Mangers have 
various levels of access to member information based on their position in an organization(s). 
Manger is a user with different levels of access than other users. Applicant 's specification, Well 
Known in the Art. 

Disparate access privileges: Different relationships may provide the managers with disparate 
access privileges to records of members reporting to mangers. In a community a member may be 
administratively assigned to a position of an organization A and be work assigned to an additional 
position of another organization B. The member is reporting to two different manages in two 
different organizations. Manager A has administrative responsibility for the member, while 
Manager B has work assignment responsibility. Manager A has a higher level of access to the 
member's information than the access level afforded Manager B. A manger is a user of the system 
with specific access privileges. Applicant's specification, Well Known in the Art. 

F. FORMAL PRIOR ART REJECTION(s) and RESPONSES 

Response to Arguments 

12. Applicant's arguments filed 10/23/01 and 1 1/13/01 have been fully considered. This 
response has been necessitated by Applicant's amendments and arguments. Applicant's 
arguments regarding the prior art of record are simply not persuasive. Examiner's immediate 
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supervisor is Kevin Teska. Mr. Teska can be reached at 703-305-9704. Please feel free to contact 
him regarding this case. 

Specific Response to Arguments and Amendments 
13. Applicant in reviewing the specification, should note that the term/phrase "community" is 
by her own definition a "group[ing]'\ The claims are read in light of the specification, limitations 
have not been read into the claims. When a term/phrase is ambiguous, such as "community" in 
the context of the claims, the Examiner must go to the specification to distill what Applicant is 
actually intending to claim as her invention. Examiner would like to point out to Applicant that 
the claim interpretations were indeed recited directly from the specification and from which both 
enablement and support have been drawn. Perhaps Applicant should review the specification to 
actually determine what she is attempting to cover with the presented claims that must be novel 
and patentably distinguishable over the prior art of record. The rejection is clear to the issues at 
hand. However, to date, no specific limitation has been shown to be missing from the prior art 
teachings. Apparently the Applicant must not be clear on the usage of groups as it pertains to 
access privileges and the associated role or position of members of the group. It is not the job of 
the examiner to educate the Applicant, especially knowing the skill level of the Applicant in the art 
of access privilege control. 
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14. Examiner appreciates Applicant directing him to the fact that each and every limitation 
must be taught, either expressly or inherently [sic] within the prior art used to reject the claims 
presented. The prior art asserted is not overcome because the prior art includes extra features 
that may not be disclosed within Applicant's specification. Each and every limitation is expressly 
or inherently taught within the prior art asserted. Mere attorney argument in the absence of 
evidence is simply not persuasive. As can be clearly seen in the rejections of the claims, note 
sections on page 15 et seq. of paper # 14, that the claims in their entirety have been rejected. 
This was based on both proper analysis and Applicant's own admittance that the prior art clearly 
teaches the claimed invention. In two years of prosecution, Applicant has yet to distinguish her 
invention over the well known standard known as RBAC and the integral prior art teachings of 
multilevel (also known as hierarchical) access control. No limitation recited within the claims has 
been overlooked. The response section of an Office Action is used to respond to Applicant's 
specific arguments and possibly help guide them into claiming an invention not yet disclosed in the 
prior art teachings. Nothing in the prior Office Actions should have been construed as the 
Examiner only partially or selectively interpreting, overly simplifying or dissecting the claims for 
piecemeal rejection of the claims. Each and every claim and related limitation in its entirety has 
been examined and rejected based on the merits. 

15. In regard to the rejection under 35 U.S.C. 1 12 1st para., Examiner has made a proper 
factual finding by applying all the issues as outlined in MPEP 2164. Applicant is respectfully 
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directed to further review MPEP § 2164.08 (scope or breadth of the claims), § 2164.05(a) (nature 
of the invention and state of the prior art), § 2164.05(b) (level of one of ordinary skill), § 2164.03 
(level of predictability in the art and amount of direction provided by the inventor), § 2164.02 (the 
existence of working examples) and § 2164.06 (quantity of experimentation needed to make or 
use the invention based on the content of the disclosure)." Applicant has not provided a working 
example of the alleged invention. Examiner has provided more than adequate inquiry to Applicant 
to provide anything that might show enablement with no success. Examiner reiterates that the 
mere statement that the invention "automatically providing... access privileges" does not provide 
either enablement or a proper written description of these limitations. 

As has been previously pointed out by applicant the fact that the instant invention 
performs these access privileges automatically is a major part of the invention, essential to its 
success and operation. However, Applicant still can not go to the specification and pull out any 
relative teaching that would support this very important aspect of her invention. Applicant is 
required to file the specification with an appropriate amount of specifically to enable one to 
reduce the claimed invention to practice. This burden has yet to be met. Mere attorney argument 
in the absence of evidence is simply not persuasive. 

However, on the other hand, since Applicant has conceded to the fact that such systems 
are indeed so well known that no substantive disclosure is needed, then the Examiner kindly 
welcomes this admittance. As can be openly seen in the prior art teachings Applicant's claimed 
invention has been widely implemented and therefore is very well established and old in the arts. 
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Therefore, by Applicants own admittance, paper 20, the inventive aspect of automatically 
providing access privileges is well known. Examiner, based on Applicant's prior arguments 
(paper 13), had believed that there might have been some aspect of this feature that was not 
explicitly taught in the prior art, now it is clear that this is not the case. Since Applicant has stated 
on the record that the prior art of record shows how well known this feature is, the Examiner will 
remove the rejection since he does agree that based on the level of skill in the art, the 
predictability of the art and that which is well known in the art is all that is in fact recited in these 
limitations. However, Examiner disagrees with any statement that the specification provides a 
work that was actually conducted or results actually achieved. Lastly, Applicants could not 
provide a modicum of code to substantiate either a reduction or working model. 

16. The prior art explicitly teaches the claimed limitations and more. There appears to be only 
two distinctions that Applicant has raised over the prior art teachings (pagers 4, 6, 9, 13 and 16). 
The first is that the prior art references do not teach "automatically" providing access privileges. 
This is an interesting approach since neither does Applicant's specification. However, in the case 
of trying to delineate a difference based solely on "automatic" verses "manual" there is no 
patentable distinction between the them. In other words the mere automation of a manual process 
is not patentable by it self. Further, Applicant has not provided enablement for "automatically" 
providing access privileges, except for that which she know admits has been well known in the 
arts. Second is the ability to assign members with multi-positions and the ability to reassign 
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access rights. This is usually called delegation or delegating the role or access privilege (paper 
20). The prior art expressly teaches both these features. Neither of these issues provide any 
patentable distinction over the prior art teachings. The phrase "manager", for example, has been 
called out by Applicant as having some novel aspect in the context of claims, however, the prior 
art explicitly teaches managers, hierarchical systems and the like that have access privileges to 
records of members and further allow for managers or members to delegate access privileges so 
as to let them share a resource (also know as a object, file, device and many other computer 
related systems). 

MPEP explicitly states: "A prima facie case of unpatentability is established when the 
information compels a conclusion that a claim is unpatentable under the preponderance of 
evidence, burden-of-proof standard, giving each term in the claim its broadest reasonable 
construction consistent with the specification, and before any consideration is given to evidence 
which may be submitted in an attempt to establish a contrary conclusion of patentability" and "An 
application should not be allowed , unless and until issues pertinent to patentability have been 
raised and resolved in the course of examination and prosecution, since otherwise the resultant 
patent would not justify the statutory presumption of validity (35 U.S.C. 282), nor would it 
"strictly adhere" to the requirements laid down by Congress in the 1952 Act as interpreted by the 
Supreme Court. The standard to be applied in all cases is the "preponderance of the evidence" 
test. In other words, an examiner should reject a claim if, in view of the prior art and evidence of 
record, it is more likely than not that the claim is unpatentable " and "In rejecting claims for want 



Application/Control Number: 08/920,433 
Art Unit: 2123 



Page 12 



of novelty or for obviousness, the examiner must cite the best references at his or her command. 
When a reference is complex or shows or describes inventions other than that claimed by the 
applicant, the particular part relied on must be designated as nearly as practicable. The pertinence 
of each reference, if not apparent, must be clearly explained and each rejected claim specified" 
Examiner does not believe this application raises to the level of "complex" especially knowing the 
Assignee's relative level of experience in the field of computer access models. 

Anticipation is a question of fact. In re King, 801 F2d 324, 231 USPQ 136 (Fed. Cir. 
1986). The inquiry as to whether a reference anticipates a claim must focus on what subject 
matter is encompassed by the claim and what subject matter is described by the reference. As set 
forth by the court in Kalman v. Kimberly-Clark Corp. , 713 F.2d 760, 218 USPQ 781, 789 
(Fed. Cir. 1983), cert, denied , 465 US. 1026 (1984), it is only necessary for the claims to " 
'read on' something disclosed in the reference, i.e., all limitations in the claim are found in the 
reference, or 'fully met' by it. "Where, as here, a reference describes a class of compositions, the 
reference must be analyzed to determine whether it describes a composition(s) with sufficient 
specificity to constitute an anticipation under the statute. See In re Schaumann 572 F.2d 312, 
197 USPQ 5 (CCPA 1978). (reciting from: Ex parte Lee, BPAI at 31 USPQ2d 1105) 

Examiner without any relevant evidence to the contrary had determined that the 
Applicant's claims pending in the instant case were and are not patentable nor allowable over the 
prior art made of record. Applicant was charged with the duty to rebut and provide evidence in 
the contrary of the Examiner's assertion of the prior art. The statement of what a piece of prior 
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art can do does not provide any substantive response to how it explicitly differs from the claims 
that presented in the instant invention. 

Examiner further addresses Applicant's position regarding the multiple rejections directed 
to claims. There is nothing precluding the assertion of multiple references against pending claims. 
In the instant case there were seven different references asserted. Examiner has made a prima 
facie case regarding the patentability of Applicant's claims as filed. Note that the level of skill is 
presumed to be at least one of ordinary skill. Applicant is presumed to have at least this level of 
knowledge of the art. The rejection was intentionally structured to recite "clearly anticipated'. No 
more explanation was required presuming that Applicant was at least ones of ordinary skill level 
in the art. However, the Examiner did provide a detailed listing of relevant citations for each 
reference to help direct the Applicant to understand the depth and scope of their individual 
teachings. 

As to the allegations of using a omnibus rejection, or piecemeal examination and use of a 
multiplicity of references, Examiner provides Applicant's representative with the following. Each 
claim is clearly anticipated by each and every reference asserted. On the face and with a minimal 
amount of diligence, Appellants' representative should have been able to ascertain the relevance 
of each and every reference. Examiner only provided a very small subset of all the references that 
anticipate (whether clearly or not) every claim as presented within Applicants' application. 

To restate the obvious "examiner is not called upon to cite all the references that may be 
available, but only the best.." Examiner used only a subset of the "best" references since they 
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clearly anticipate all of Appellants' claimed limitations. Examiner did not cite "all the references 
that may be available", only five out of many more possible references. Specifically, Examiner did 
not cite any of the articles from a number of symposiums on role-based access or the military 
specifications that directly relate to the instant invention. A mere sampling of either family of 
specifications or articles would clearly anticipate all of the Applicant's independent claims and 
their dependencies. The breath of which Applicant has drafted their claim language can be 
reasonably interpreted to be anticipated by many different publications and patents. Examiner 
provided only a reasonably small grouping of prior art that clearly anticipates both the instant 
invention and the claimed invention. 

Claim 1, recites nothing more than storing an assignment of a member of a community to a 
first position in the community to generate a first relationship; automatically providing a manager 
of the first position with access privileges to records of the member based on the first relationship; 
storing an additional assignment of the member to a second position in the community to generate 
a second relationship; and during pendency of the additional assignment, automatically providing 
a manager of the second position with disparate access privileges to records of the member based 
on the second relationship. This is nothing more than associating which data files a specific user 
has access privileges to, allowing this relationship to be reassigned and providing different levels 
of access to different data based on the associations between users and data. As applicants have 
admitted, the feature of automatically providing... access privileges is well established in the prior 
art. In simpler terms, a standard well known and off the shelf access privilege setting scheme that 
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has been in existence for decades. An access control system based on users positions within an 
organization relationship to allowed data access and delegation of the access to that data is within 
the scope of this claim. The prior asserted explicitly teaches all the claim limitations as recited. 

Examiner believes that Applicant has attempted to cover "user-role" or "role-based" 
access control for a distributed system, however have fallen far short of actually claiming any 
improvement in such a system. Again, these systems are well known and are herewith asserted as 
prior art teachings of such systems. Examiner has provided a reference in the rejection to show 
what is designed into a functioning RBAC (role based access control) system. (Workshop 
Summary from the Proceedings of the First ACM Workshop on Role-Based Access Control, 
December 1995, hereafter referred to as Workshop) 

Applicant is solving the same problem with the same technology in the same manner as the 
prior art. There is not an inventive step when all that is claimed is that which is well known and 
inherent in the art. Applicant's invention and the prior art asserted perform the same functions 
and operations with the same equipment. This teaching provides for different settings of access 
privileges for users, members and groups with affiliations between the user and the object or data. 
This includes delegation of access privileges and roles. 

Within the prior art teachings, the privilege levels of users, members, groups or manager 
users can be changed. A manager user can be afforded access rights a one level to one set of data 
and also be afforded different access rights to a second set of data. Users can be afforded different 
access levels to different data within different or the same system. In general Applicants are 
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merely attempting to claim setting access privileges based on a business organizational chart 
where the access privileges can be changed and delegated. Applicant has vialed the standard 
RBAC, multilevel group, membership and user access privilege system in the cloak of business 
method by attempting to cloud the issues by highlighting labels attached to users within the 
hierarchy, such as a "manager", and related "positions" within the organization that are afforded 
various access levels to information. This is merely setting labels to specific users. A manger is a 
user with different levels of access relative to others in the organization. The ability to transfer 
access or membership is built into security systems. In fact, in general most systems do not want 
this feature available to the user so that data may be compartmented and secured. There can be 
afforded no patentable weight when the distinction is merely a label or specific use for a well 
known method, system, apparatus or processes. 

One implementing anyone of the prior art teachings would yield a system that would 
function as Applicant has claimed as inventive. Applicant is reminded that a recitation of the 
intended use of the claimed invention must result in a structural difference between the claimed 
invention and the prior art in order to patentably distinguish the claimed invention from the prior 
art. If the prior art structure is capable of performing the intended use, then it meets the claim. In 
a claim drawn to a process of making, the intended use must result in a manipulative difference as 
compared to the prior art. In re Casey, 152 USPQ 235 (CCPA 1967); In re Otto, 136 
USPQ 458, 459 (CCPA 1963). The components and their operations, as taught within the prior 
art teachings are functional equivalents, identical in operation and provide inherent operations 
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that have an inevitable presence and are well known in the art. In re Bond, 15 USPQ2d 1566 
(Fed Cir. 1990), In re Robertson, 49 USPQ2d 1949 (Fed. Cir. 1999) 

Applicant has not provided any effective argument as to any patentable distinction, 
improvement or unexpected result that might occur over the prior art teachings when Applicant's 
method of providing different access privileges to different users based on affiliations than that 
which are built into the prior art teachings. Applicant appears to believe the novelty is within the 
ability of the system to store and change data relating to providing changeable access privileges to 
different users with varying levels of access. This is merely using the well known tool of the trade 
for its specific purpose. The courts have held that "A reference anticipates a claim if it discloses 
the claimed invention such that a skilled artisan could take its teachings in combination with his 
own knowledge of the particular art and be in possession of the invention." In re Graves, 36 



USPQ2d 1697 (Fed. Cir. 1995); In re Sase, 207 USPQ 107 (CCPA 1980); In re Samour, 197 
USPQ 1 (CCPA 1978). 



17. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or 
on sale in this country, more than one year prior to the date of application for patent in the United States. 



Claim Rejections - 35 U.S.C. § 102 



(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
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has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 

18. Claims 1-21 are rejected under 35 U.S.C. § 102(b) as being clearly anticipated by Rabitti 
et al. or Baldwin or Demurjian et al. or Abraham et al.(903) or Howell et al. et al. or Workshop 
on Role Based Access (1995) and rejected under 35 U.S.C. § 102(e) as being clearly anticipated 
by Deinhart et al. or Barkley. 

Taking claim 1, for example, Rabitti et al. and Baldwin and Demurjian and Abraham et 
al.(903) and Deinhart et al. and Barkley and Howell et al. et al. disclose: 

Rabitti et al.: Abstract, sections entitled: Instruction, 2.2 Intuitive Overview of the Basic 
Authorization Concepts, 3 Implication Rules, Figures 7-9 with related text, 3.3 Authorization 
Objects, 3.3.2 Association of Authorization Types with Authorization Objects, 3.3.4 Rules for 
Computing Implicit Strong Authorizations, 4 Implicit Authorizations for Object-Oriented and 
Semantic Modeling Concepts, 5 Implementation Considerations, 5.1 Role Lattice, 5.2 , 5.2.2 
Access Strategies 

Baldwin: Title, Abstract, Introduction, sections entitled: Groups Object Privileges and 
Individuals, page 1 19, Managing Changes to the Security Configuration, Aspects of security 
administration, page 120, pages 121-128 

Demurjian et a.: Title, Abstract, Figures 1-3, sections entitled: 1. Introduction and 
Motivation, 2.1 An Object-Oriented Design Model, 2.3 A User-Role Definition Hierarchy, 2.3 
Method Assignment, 3 The URDH and Application Analysis, pages 198-202. 
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Abraham et al.(903): Title, Abstract, Figures 2-15, Summary of the Invention, Detailed 

Description of Preferred Embodiments, col. 9, lines 25 et seq., col. 19, lines 8 et seq. 
Deinhart et aL: Title: Method and System for Advanced Role-Based Access control in 

Distributed and Centralized Computer Systems, Abstract, Figures 1, 2A-2C, 3A-3B, 5, 6 and 7, 

Description of Prior Art, Summary of the Invention, col. 6, lines 65 et seq., col. 7, lines 16 et 

seq. 5 col. 8, lines 53 et seq, col. 9, lines 38 et seq. 

Barkley: Title: Workflow Management Employing Role-Based Access Control, Abstract, 

Figure 1 (prior art) and 2, users 26, user ID 28, Subjects 20, roles 30, operations 32, 

Background of the Invention, Description of the Preferred Embodiments, col. 5, lines 55 et seq. 
Howell et al. et aL: Title, Abstract, Figures 2, 3, flow chart in figure 4, col. 2, lines 35 et seq., 

col. 4, lines 24 et seq., col. 5, lines 23 -55, col. 6, lines 17 et seq., allows for changes in user 

and group membership access within the organization. 

A method of providing access privileges to records of members of a community, 

comprising 

storing an assignment of a member of a community to a first position in the 
community to generate a first relationship; 

automatically providing a manager of the first position with access privileges to 
records of the member based on the first relationship; 

storing an additional assignment of the member to a second position in the community 
to generate a second relationship; and 
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during pendency of the additional assignment, automatically providing a manager of 
the second position with disparate access privileges to records of the member based on the 
second relationship. 

As to claim 2, the method of Claim 1, wherein the manager of the second position has 
access privileges to records of the member is taught throughout Rabitti et al. and Baldwin and 
Demurjian and Abraham et al. (903) and Deinhart et al. and Barkley and Howell et aL et 
al. (Rabitti et al.: Abstract, sections entitled: Instruction, 2.2 Intuitive Overview of the Basic 
Authorization Concepts, 3 Implication Rules, Figures 7-9 with related text, 3.3 Authorization 
Objects, 3.3.2 Association of Authorization Types with Authorization Objects, 3.3.4 Rules for 
Computing Implicit Strong Authorizations, 4 Implicit Authorizations for Object-Oriented and 
Semantic Modeling Concepts, 5 Implementation Considerations, 5.1 Role Lattice, 5.2 , 5.2.2 
Access Strategies; Baldwin: Title, Abstract, Introduction, sections entitled: Groups Object 
Privileges and Individuals, page 1 19, Managing Changes to the Security Configuration, Aspects 
of security administration, page 120, pages 121-128; Demurjian et a.: Title, Abstract, Figures 1- 
3, sections entitled: 1. Introduction and Motivation, 2.1 An Object-Oriented Design Model, 2.3 A 
User-Role Definition Hierarchy, 2.3 Method Assignment, 3 The URDH and Application Analysis, 
pages 198-202.; Abraham et aL(903): Title, Abstract, Figures 2-15, Summary of the Invention, 
Detailed Description of Preferred Embodiments, col. 9, lines 25 et seq., col. 19, lines 8 et seq.; 
Deinhart et al.: Title: Method and System for Advanced Role-Based Access control in 
Distributed and Centralized Computer Systems, Abstract, Figures 1, 2A-2C, 3A-3B, 5, 6 and 7, 
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Description of Prior Art, Summary of the Invention, col. 6, lines 65 et seq., col. 7, lines 16 et seq., 
col. 8, lines 53 et seq, col. 9, lines 38 et seq.; Barkley: Title: Workflow Management Employing 
Role-Based Access Control, Abstract, Figure 1 (prior art) and 2, users 26, user ID 28, Subjects 
20, roles 30, operations 32, Background of the Invention, Description of the Preferred 
Embodiments, col. 5, lines 55 et seq.; Howell et al. et aL: Title, Abstract, Figures 2, 3, flow chart 
in figure 4, col. 2, lines 35 et seq., col. 4, lines 24 et seq., col. 5, lines 23 -55, col. 6, lines 17 et 
seq., allows for changes in user and group membership access within the organization.,) 

As to claim 3, the method of Claim 1, wherein the manager of the first position has access 
privileges to administrative records of the member denied to the manager of the second position is 
taught throughout Rabitti et al. and Baldwin and Demurjian and Abraham et al. (903) and 
Deinhart et al. and Barkley and Howell et al. et al. (Rabitti et aL: Abstract, sections entitled: 
Instruction, 2.2 Intuitive Overview of the Basic Authorization Concepts, 3 Implication Rules, 
Figures 7-9 with related text, 3.3 Authorization Objects, 3.3.2 Association of Authorization 
Types with Authorization Objects, 3.3.4 Rules for Computing Implicit Strong Authorizations, 4 
Implicit Authorizations for Object-Oriented and Semantic Modeling Concepts, 5 Implementation 
Considerations, 5.1 Role Lattice, 5.2 , 5.2.2 Access Strategies; Baldwin: Title, Abstract, 
Introduction, sections entitled: Groups Object Privileges and Individuals, page 119, Managing 
Changes to the Security Configuration, Aspects of security administration, page 120, pages 121- 
128; Demurjian et a.: Title, Abstract, Figures 1-3, sections entitled: 1. Introduction and 
Motivation, 2.1 An Object-Oriented Design Model, 2.3 A User-Role Definition Hierarchy, 2.3 
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Method Assignment, 3 The URDH and Application Analysis, pages 198-202.; Abraham et 
al.(903): Title, Abstract, Figures 2-15, Summary of the Invention, Detailed Description of 
Preferred Embodiments, col. 9, lines 25 et seq., col. 19, lines 8 et seq.; Deinhart et al.: Title: 
Method and System for Advanced Role-Based Access control in Distributed and Centralized 
Computer Systems, Abstract, Figures 1, 2A-2C, 3A-3B, 5, 6 and 7, Description of Prior Art, 
Summary of the Invention, col. 6, lines 65 et seq., col. 7, lines 16 et seq., col. 8, lines 53 et seq, 
col. 9, lines 38 et seq.; Barkley: Title: Workflow Management Employing Role-Based Access 
Control, Abstract, Figure 1 (prior art) and 2, users 26, user ID 28, Subjects 20, roles 30, 
operations 32, Background of the Invention, Description of the Preferred Embodiments, col. 5, 
lines 55 et seq.; Howell et al. et al.: Title, Abstract, Figures 2, 3, flow chart in figure 4, col. 2, 
lines 35 et seq., col. 4, lines 24 et seq., col. 5, lines 23 -55, col. 6, lines 17 et seq., allows for 
changes in user and group membership access within the organization.^) 

As to claim 4, the method of Claim 1 , wherein the additional assignment comprises a tern 
work assignment is taught throughout Rabitti et al. and Baldwin and Demurjian and Abraham et 
al. (903) and Deinhart et al. and Barkley and Howell et al. et al. (Rabitti et al.: Abstract, sections 
entitled: Instruction, 2.2 Intuitive Overview of the Basic Authorization Concepts, 3 Implication 
Rules, Figures 7-9 with related text, 3.3 Authorization Objects, 3.3.2 Association of 
Authorization Types with Authorization Objects, 3.3.4 Rules for Computing Implicit Strong 
Authorizations, 4 Implicit Authorizations for Object-Oriented and Semantic Modeling Concepts, 
5 Implementation Considerations, 5.1 Role Lattice, 5.2 , 5.2.2 Access Strategies; Baldwin: Title, 
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Abstract, Introduction, sections entitled: Groups Object Privileges and Individuals, page 1 19, 
Managing Changes to the Security Configuration, Aspects of security administration, page 120, 
pages 121-128; Demurjian et a,: Title, Abstract, Figures 1-3, sections entitled: 1. Introduction 
and Motivation, 2.1 An Object-Oriented Design Model, 2.3 A User-Role Definition Hierarchy, 
2.3 Method Assignment, 3 The URDH and Application Analysis, pages 198-202.; Abraham et 
al.(903): Title, Abstract, Figures 2-15, Summary of the Invention, Detailed Description of 
Preferred Embodiments, col. 9, lines 25 et seq., col. 19, lines 8 et seq.; Deinhart et ah: Title: 
Method and System for Advanced Role-Based Access control in Distributed and Centralized 
Computer Systems, Abstract, Figures 1, 2A-2C, 3A-3B, 5, 6 and 7, Description of Prior Art, 
Summary of the Invention, col. 6, lines 65 et seq., col. 7, lines 16 et seq., col. 8, lines 53 et seq, 
col. 9, lines 38 et seq.; Barkley: Title: Workflow Management Employing Role-Based Access 
Control, Abstract, Figure 1 (prior art) and 2, users 26, user ID 28, Subjects 20, roles 30, 
operations 32, Background of the Invention, Description of the Preferred Embodiments, col. 5, 
lines 55 et seq.; Howell et al. et al.: Title, Abstract, Figures 2, 3, flow chart in figure 4, col. 2, 
lines 35 et seq., col. 4, lines 24 et seq., col. 5, lines 23 -55, col. 6, lines 17 et seq., allows for 
changes in user and group membership access within the organization.) 

As to claim 5, the method of Claim 1, wherein the community comprises a business 
member comprises an employee of the business is taught throughout Rabitti et al. and Baldwin 
and Demurjian and Abraham et al. (903) and Deinhart et al. and Barkley and Caruso et al.(Rabitti 
et al.: Abstract, sections entitled: Instruction, 2.2 Intuitive Overview of the Basic Authorization 
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Concepts, 3 Implication Rules, Figures 7-9 with related text, 3.3 Authorization Objects, 3.3.2 
Association of Authorization Types with Authorization Objects, 3.3.4 Rules for Computing 
Implicit Strong Authorizations, 4 Implicit Authorizations for Object-Oriented and Semantic 
Modeling Concepts, 5 Implementation Considerations, 5.1 Role Lattice, 5.2 , 5.2.2 Access 
Strategies; Baldwin: Title, Abstract, Introduction, sections entitled: Groups Object Privileges and 
Individuals, page 1 19, Managing Changes to the Security Configuration, Aspects of security 
administration, page 120, pages 121-128; Demurjian et a.: Title, Abstract, Figures 1-3, sections 
entitled: 1. Introduction and Motivation, 2.1 An Object-Oriented Design Model, 2.3 A User-Role 
Definition Hierarchy, 2.3 Method Assignment, 3 The URDH and Application Analysis, pages 
198-202.; Abraham et al.(903): Title, Abstract, Figures 2-15, Summary of the Invention, 
Detailed Description of Preferred Embodiments, col. 9, lines 25 et seq., col. 19, lines 8 et seq.; 
Deinhart et aL: Title: Method and System for Advanced Role-Based Access control in 
Distributed and Centralized Computer Systems, Abstract, Figures 1, 2A-2C, 3A-3B, 5, 6 and 7, 
Description of Prior Art, Summary of the Invention, col. 6, lines 65 et seq., col. 7, lines 16 et seq., 
col. 8, lines 53 et seq, col. 9, lines 38 et seq.; Barkley: Title: Workflow Management Employing 
Role-Based Access Control, Abstract, Figure 1 (prior art) and 2, users 26, user ID 28, Subjects 
20, roles 30, operations 32, Background of the Invention, Description of the Preferred 
Embodiments, col. 5, lines 55 et seq.; Howell et al. et aL: Title, Abstract, Figures 2, 3, flow chart 
in figure 4, col. 2, lines 35 et seq., col. 4, lines 24 et seq., col. 5, lines 23 -55, col. 6, lines 17 et 
seq., allows for changes in user and group membership access within the organization.,) 
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As to claim 6, the method of Claim 1 , wherein the records comprise personnel records of 
the member is taught throughout Rabitti et al. and Baldwin and Demurjian and Abraham et al. 
(903) and Deinhart et aL and Barkley and Howell et al. et al. (Rabitti et al.: Abstract, sections 
entitled: Instruction, 2.2 Intuitive Overview of the Basic Authorization Concepts, 3 Implication 
Rules, Figures 7-9 with related text, 3.3 Authorization Objects, 3.3.2 Association of 
Authorization Types with Authorization Objects, 3.3.4 Rules for Computing Implicit Strong 
Authorizations, 4 Implicit Authorizations for Object-Oriented and Semantic Modeling Concepts, 
5 Implementation Considerations, 5.1 Role Lattice, 5.2 , 5.2.2 Access Strategies; Baldwin: Title, 
Abstract, Introduction, sections entitled: Groups Object Privileges and Individuals, page 1 19, 
Managing Changes to the Security Configuration, Aspects of security administration, page 120, 
pages 121-128; Demurjian et a.: Title, Abstract, Figures 1-3, sections entitled: 1. Introduction 
and Motivation, 2.1 An Object-Oriented Design Model, 2.3 A User-Role Definition Hierarchy, 
2.3 Method Assignment, 3 The URDH and Application Analysis, pages 198-202.; Abraham et 
al.(903): Title, Abstract, Figures 2-15, Summary of the Invention, Detailed Description of 
Preferred Embodiments, col. 9, lines 25 et seq., col. 19, lines 8 et seq.; Deinhart et al.: Title: 
Method and System for Advanced Role-Based Access control in Distributed and Centralized 
Computer Systems, Abstract, Figures 1, 2A-2C, 3A-3B, 5, 6 and 7, Description of Prior Art, 
Summary of the Invention, col. 6, lines 65 et seq., col. 7, lines 16 et seq., col. 8, lines 53 et seq, 
col. 9, lines 38 et seq.; Barkley: Title: Workflow Management Employing Role-Based Access 
Control, Abstract, Figure 1 (prior art) and 2, users 26, user ID 28, Subjects 20, roles 30, 
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operations 32, Background of the Invention, Description of the Preferred Embodiments, col. 5, 
lines 55 et seq.; Howell et al. et al.: Title, Abstract, Figures 2, 3, flow chart in figure 4, col. 2, 
lines 35 et seq., col. 4, lines 24 et seq., col. 5, lines 23 -55, col. 6, lines 17 et seq., allows for 
changes in user and group membership access within the organization.^) 

Claims 7, 9-19 are rejected based on the same reasoning as claims 1-6, supra. Claims 7, 
9-19 claim the same limitations as claims 1-6 and taught throughout Rabitti et al. and Baldwin and 
Demurjian and Abraham et al. (903) and Deinhart et al. and Barkley and Howell et al. et al. 
(Rabitti et al.: Abstract, sections entitled: Instruction, 2.2 Intuitive Overview of the Basic 
Authorization Concepts, 3 Implication Rules, Figures 7-9 with related text, 3.3 Authorization 
Objects, 3.3.2 Association of Authorization Types with Authorization Objects, 3.3.4 Rules for 
Computing Implicit Strong Authorizations, 4 Implicit Authorizations for Object-Oriented and 
Semantic Modeling Concepts, 5 Implementation Considerations, 5.1 Role Lattice, 5.2 , 5.2.2 
Access Strategies; Baldwin: Title, Abstract, Introduction, sections entitled: Groups Object 
Privileges and Individuals, page 119, Managing Changes to the Security Configuration, Aspects 
of security administration, page 120, pages 121-128; Demurjian et a.: Title, Abstract, Figures 1- 
3, sections entitled: 1. Introduction and Motivation, 2.1 An Object-Oriented Design Model, 2.3 A 
User-Role Definition Hierarchy, 2.3 Method Assignment, 3 The URDH and Application Analysis, 
pages 198-202.; Abraham et ah(903): Title, Abstract, Figures 2-15, Summary of the Invention, 
Detailed Description of Preferred Embodiments, col. 9, lines 25 et seq., col. 19, lines 8 et seq.; 
Deinhart et al.: Title: Method and System for Advanced Role-Based Access control in 
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Distributed and Centralized Computer Systems, Abstract, Figures 1, 2A-2C, 3A-3B, 5, 6 and 7, 
Description of Prior Art, Summary of the Invention, col. 6, lines 65 et seq., col. 7, lines 16 et seq., 
col. 8, lines 53 et seq, col. 9, lines 38 et seq.; Barkley: Title: Workflow Management Employing 
Role-Based Access Control, Abstract, Figure 1 (prior art) and 2, users 26, user ID 28, Subjects 
20, roles 30, operations 32, Background of the Invention, Description of the Preferred 
Embodiments, col. 5, lines 55 et seq.; Howell et al. et al.: Title, Abstract, Figures 2, 3, flow chart 
in figure 4, col. 2, lines 35 et seq., col. 4, lines 24 et seq., col. 5, lines 23 -55, col. 6, lines 17 et 
seq., allows for changes in user and group membership access within the organization.^) 



19. A shortened statutory period for response to this action is set to expire 3 (three) months 
and 0 (zero) days from the mail date of this action. Failure to respond within the period for 
response will result in ABANDONMENT of the application (see 35 U.S.C. 133, M.P.E.P. 
710.02, 710.02(b)). 

20. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to William Thomson whose telephone number is (703) 305-0022. The 
examiner can be usually reached between 9:30 a.m. - 4:00 p.m. Monday thru Friday. Voice mail is 
checked throughout the day. Please leave a detailed message. 



Conclusion 
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If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's 
supervisor, Mr. Kevin Teska, can be reached on 704-305-9704. The fax phone number for this 
Group is 703-308-1396. 

Any inquiry of a general nature or relating to the status of this application should be 
directed to the Group receptionist whose telephone number is 703-305-3900. 
William D. Thomson 

Patent Examiner 
A.U. 2123 
February 20, 2002 




